SHA256: 2d29d3c869e14f8804b23444a6ee8b191d85cffa30f81c83d4200f027bfb3499
File name: 2d29d3c869e14f8804b23444a6ee8b191d85cffa30f81c83d4200f027bfb3499
Detection ratio: 14 / 66
Analysis date: 2019-03-24 01:41:38 UTC ( 1 month, 4 weeks ago )
Antivirus | Result | Update
Acronis | suspicious | 20190322
Avast | Win32:BankerX-gen [Trj] | 20190324
AVG | Win32:BankerX-gen [Trj] | 20190324
ClamAV | Win.Malware.Razy-6904264-0 | 20190323
CrowdStrike Falcon (ML) | win/malicious_confidence_100% (D) | 20190212
Cybereason | malicious.c00991 | 20190109
Endgame | malicious (high confidence) | 20190322
ESET-NOD32 | a variant of Win32/Kryptik.GRFS | 20190323
Fortinet | W32/Kryptik.GRDF!tr | 20190323
Sophos ML | heuristic | 20190313
Qihoo-360 | HEUR/QVM20.1.0C1F.Malware.Gen | 20190324
Rising | Trojan.Kryptik!8.8 (TFE:dGZlOgMKgTRxRzxlKQ) | 20190324
SentinelOne (Static ML) | DFI - Malicious PE | 20190317
Trapmine | malicious.moderate.ml.score | 20190301
Ad-Aware | - | 20190324
AegisLab | - | 20190324
AhnLab-V3 | - | 20190323
Alibaba | - | 20190306
ALYac | - | 20190324
Antiy-AVL | - | 20190324
Arcabit | - | 20190324
Avast-Mobile | - | 20190323
Avira (no cloud) | - | 20190323
Babable | - | 20180918
Baidu | - | 20190318
BitDefender | - | 20190324
Bkav | - | 20190320
CAT-QuickHeal | - | 20190322
CMC | - | 20190321
Comodo | - | 20190323
Cyren | - | 20190324
DrWeb | - | 20190324
eGambit | - | 20190324
Emsisoft | - | 20190324
F-Secure | - | 20190324
GData | - | 20190324
Ikarus | - | 20190323
Jiangmin | - | 20190323
K7AntiVirus | - | 20190323
K7GW | - | 20190323
Kaspersky | - | 20190323
Kingsoft | - | 20190324
Malwarebytes | - | 20190323
MAX | - | 20190324
McAfee | - | 20190324
McAfee-GW-Edition | - | 20190323
Microsoft | - | 20190323
eScan | - | 20190324
NANO-Antivirus | - | 20190324
Palo Alto Networks (Known Signatures) | - | 20190324
Panda | - | 20190323
Sophos AV | - | 20190322
SUPERAntiSpyware | - | 20190321
Symantec Mobile Insight | - | 20190220
TACHYON | - | 20190324
Tencent | - | 20190324
TheHacker | - | 20190322
TotalDefense | - | 20190323
TrendMicro-HouseCall | - | 20190324
Trustlook | - | 20190324
VBA32 | - | 20190322
VIPRE | - | 20190323
ViRobot | - | 20190323
Yandex | - | 20190321
Zillya | - | 20190322
ZoneAlarm by Check Point | - | 20190324
Zoner | - | 20190324
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © Microsoft Corporation. All rights reserved.
Product Microsoft® Windows® Operating System
Original name DISM.EXE
Internal name dism
File version 6.1.7600.16385 (win7_rtm.090713-1255)
Description Dism Image Servicing Utility
Signature verification A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
Signing date 6:01 AM 3/26/2019
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2019-03-24 01:31:54
Entry Point 0x0001D950
Number of sections 4
PE sections
Overlays
MD5 b56a42c61dee93c5ad67632ddeafed15
File type data
Offset 204288
Size 3336
Entropy 7.34
PE imports
CreateJobObjectA
GetConsoleOutputCP
ReleaseMutex
FileTimeToSystemTime
SetEvent
HeapDestroy
ProcessIdToSessionId
GetFileAttributesW
lstrcmpW
GetLocalTime
GetStdHandle
DeleteCriticalSection
GetCurrentProcess
GetStartupInfoW
GetConsoleMode
GetLocaleInfoA
LocalAlloc
SetTimeZoneInformation
GetVolumeInformationW
VerifyVersionInfoA
SetErrorMode
WideCharToMultiByte
WritePrivateProfileStringW
FreeEnvironmentStringsW
GetLocaleInfoW
EnumResourceLanguagesW
GetFileTime
GetCPInfo
GetStringTypeA
InterlockedExchange
FindResourceExW
WaitForSingleObject
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetOEMCP
LocalFree
FormatMessageW
ResumeThread
GetTimeZoneInformation
LoadResource
GetStringTypeExW
FindClose
InterlockedDecrement
MoveFileW
GetFullPathNameW
OutputDebugStringA
SetLocaleInfoW
SetLastError
_llseek
GetUserDefaultUILanguage
GetSystemTime
DeviceIoControl
InitializeCriticalSection
CopyFileW
WriteProcessMemory
OutputDebugStringW
CancelTimerQueueTimer
IsDebuggerPresent
ExitProcess
GetVersionExA
GetModuleFileNameA
GlobalHandle
lstrcmpiW
FoldStringA
EnumSystemLocalesA
SetConsoleCtrlHandler
GetSystemDefaultLCID
LoadLibraryExW
MultiByteToWideChar
FatalAppExitA
SetFilePointerEx
GetPrivateProfileStringW
SetFilePointer
SetFileAttributesW
GlobalAddAtomW
CreateThread
GetSystemDirectoryW
TlsSetValue
GetSystemDefaultUILanguage
SetUnhandledExceptionFilter
ConvertDefaultLocale
CreateMutexW
MulDiv
UnlockFile
ExitThread
SetEnvironmentVariableA
FindAtomW
SetProcessShutdownParameters
SetCurrentDirectoryW
GlobalAlloc
LocalFileTimeToFileTime
SetEndOfFile
SetConsoleTitleA
GetCurrentThreadId
LeaveCriticalSection
GetNumberFormatW
WriteConsoleW
CreateToolhelp32Snapshot
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
GlobalGetAtomNameW
MoveFileWithProgressW
GetVersionExW
FreeLibrary
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
LoadLibraryA
RtlUnwind
GlobalFindAtomW
GlobalSize
GetStartupInfoA
GetDateFormatA
GetWindowsDirectoryW
GetFileSize
LCMapStringW
OpenProcess
FreeResource
SetVolumeMountPointW
DeleteFileW
GetProcAddress
GetPrivateProfileIntW
GetConsoleAliasesA
AddAtomW
GetProcessHeap
GetComputerNameW
CompareStringW
WriteFile
GetFileSizeEx
GlobalReAlloc
GetModuleFileNameW
ExpandEnvironmentStringsW
lstrcmpA
WTSGetActiveConsoleSessionId
HeapValidate
CompareStringA
CreateTimerQueueTimer
FindFirstFileW
IsValidLocale
DuplicateHandle
GetUserDefaultLCID
GetTempPathW
CreateEventW
FindFirstVolumeA
EnumTimeFormatsA
CreateFileW
WriteConsoleA
GetFileType
SetFileTime
CreateFileA
HeapAlloc
GetCurrencyFormatW
InterlockedIncrement
GetLastError
LocalReAlloc
SystemTimeToFileTime
GlobalDeleteAtom
GetShortPathNameW
VirtualAllocEx
lstrlenA
GlobalFree
GetConsoleCP
GetDefaultCommConfigW
LCMapStringA
GetTimeFormatW
GetProcessTimes
GetThreadLocale
OpenThread
GetEnvironmentStringsW
GlobalUnlock
LockFile
lstrlenW
Process32NextW
VirtualFree
FileTimeToLocalFileTime
SizeofResource
GetCurrentDirectoryW
HeapSize
GetCurrentProcessId
LockResource
ContinueDebugEvent
GetCommandLineW
GetCurrentDirectoryA
GetAtomNameW
InterlockedCompareExchange
Process32FirstW
GetCurrentThread
SuspendThread
RaiseException
UnhandledExceptionFilter
TlsFree
GetModuleHandleA
ReadFile
GlobalFlags
DeleteAtom
CloseHandle
OpenMutexW
lstrcpynA
GetACP
GlobalLock
GetModuleHandleW
BindIoCompletionCallback
GetFileAttributesExW
SetStdHandle
GetLongPathNameW
TlsGetValue
IsValidCodePage
HeapCreate
FindResourceW
CreateProcessW
Sleep
TerminateProcess
SetThreadPriority
SetComputerNameExW
VirtualAlloc
GetTimeFormatA
WindowFromPoint
SetFocus
EnumWindowStationsA
GetForegroundWindow
SetMenuItemBitmaps
LoadBitmapW
SetRectEmpty
DestroyMenu
PostQuitMessage
GetMessagePos
ValidateRect
SetWindowPos
SetScrollPos
IsWindow
GrayStringW
EndPaint
ScrollWindowEx
SetDlgItemInt
IntersectRect
GetMessageTime
SetActiveWindow
GetDC
GetCursorPos
ReleaseDC
DdeInitializeA
GetDlgCtrlID
GetMenu
UnregisterClassA
TranslateMessage
UnregisterClassW
GetClassInfoW
DrawTextW
GetNextDlgTabItem
CallNextHookEx
GetActiveWindow
GetWindowTextW
CopyAcceleratorTableW
GetWindowTextLengthW
LoadAcceleratorsW
GetTopWindow
GetMenuItemID
DestroyWindow
GetClassInfoExW
UpdateWindow
GetWindow
GetPropW
EqualRect
ShowScrollBar
CheckRadioButton
GetMessageW
ShowWindow
SetPropW
GetMenuState
GetClipboardFormatNameA
PeekMessageW
EnableWindow
SetWindowPlacement
CharUpperW
LoadIconW
DdeQueryConvInfo
IsWindowEnabled
GetDlgItemTextW
GetDlgItemInt
GetMenuBarInfo
CharNextExA
GetMenuItemRect
RegisterClassW
ScrollWindow
GetWindowPlacement
LoadStringW
DdeConnect
GetKeyboardLayoutList
OemToCharBuffA
EnableMenuItem
TrackPopupMenuEx
GetScrollPos
GetSubMenu
GetDCEx
IsDialogMessageW
FillRect
CopyRect
GetSysColorBrush
GetDialogBaseUnits
RealChildWindowFromPoint
CreateWindowExW
TabbedTextOutW
GetWindowLongW
GetGUIThreadInfo
GetMenuItemInfoW
IsChild
MapWindowPoints
RegisterWindowMessageW
DrawAnimatedRects
LockWindowUpdate
SetCapture
BeginPaint
OffsetRect
DefWindowProcW
GetAltTabInfo
KillTimer
MapVirtualKeyW
TranslateAcceleratorW
GetParent
SendDlgItemMessageA
GetSystemMetrics
IsIconic
SetScrollRange
GetWindowRect
InflateRect
PostMessageA
ReleaseCapture
GetScrollRange
ShowOwnedPopups
SendDlgItemMessageW
PostMessageW
InvalidateRect
GetScrollInfo
CreatePopupMenu
CheckMenuItem
GetClassLongW
GetLastActivePopup
PtInRect
SetWindowTextW
SetTimer
GetDlgItem
GetMenuCheckMarkDimensions
SystemParametersInfoW
BringWindowToTop
ClientToScreen
TrackPopupMenu
GetMenuItemCount
SetParent
IsDlgButtonChecked
CheckDlgButton
GetDesktopWindow
SetWindowsHookExW
LoadCursorW
GetSystemMenu
ReuseDDElParam
DispatchMessageW
InsertMenuW
SetForegroundWindow
GetMenuStringW
CreateDialogIndirectParamW
DrawTextExW
EndDialog
SetProcessDefaultLayout
ModifyMenuW
GetCapture
RealGetWindowClass
ScreenToClient
SetWindowLongW
LoadMenuW
RemoveMenu
GetWindowThreadProcessId
DeferWindowPos
BeginDeferWindowPos
MessageBoxW
SendMessageW
SetMenu
MoveWindow
DdePostAdvise
AppendMenuW
GetWindowDC
AdjustWindowRectEx
GetSysColor
SetDlgItemTextW
SetScrollInfo
GetKeyState
EndDeferWindowPos
SystemParametersInfoA
DestroyIcon
wsprintfW
IsWindowVisible
WinHelpW
UnpackDDElParam
GetWindowContextHelpId
GetWindowInfo
UnionRect
SetRect
DeleteMenu
GetKeyNameTextW
CallWindowProcW
GetClassNameW
GetClientRect
UnregisterDeviceNotification
IsRectEmpty
GetFocus
InsertMenuItemW
SetCursor
UnhookWindowsHookEx
RemovePropW
Number of PE resources by type
RT_STRING 7
RT_RCDATA 1
MUI 1
RT_MESSAGETABLE 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 11
PE resources
ExifTool file metadata
SubsystemVersion 5.0
InitializedDataSize 83456
ImageVersion 0.0
ProductName Microsoft Windows Operating System
FileVersionNumber 6.1.7600.16385
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
ImageFileCharacteristics No relocs, Executable, 32-bit
CharacterSet Unicode
LinkerVersion 9.0
FileTypeExtension exe
OriginalFileName DISM.EXE
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 6.1.7600.16385 (win7_rtm.090713-1255)
TimeStamp 2019:03:24 02:31:54+01:00
FileType Win32 EXE
PEType PE32
InternalName dism
ProductVersion 6.1.7600.16385
FileDescription Dism Image Servicing Utility
OSVersion 5.0
FileOS Windows NT 32-bit
LegalCopyright Microsoft Corporation. All rights reserved.
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
CodeSize 119808
FileSubtype 0
ProductVersionNumber 6.1.7600.16385
EntryPoint 0x1d950
ObjectFileType Executable application
File identification
MD5 70f460325dc769b94fb2472f0f2c280c
SHA1 3c39fdcc009912e65728f3f7e2abf596d827b858
SHA256 2d29d3c869e14f8804b23444a6ee8b191d85cffa30f81c83d4200f027bfb3499
ssdeep 3072:jW7kCAvUgI5sYU1GTStPrOKARkxEwSMmwVBEbLg4R+erGSFz52p0Wf6L5CnrtB:tC9sY4Gu1gdMmwVBE/Ier0CVerb
authentihash 545a7fcf24e0f5e9567a6c1353e950a3f8d5925001c3385f6002ffb35a3d965e
imphash 9e0d1d6f6388e8cd99ce5b32481f8f3f
File size 202.8 KB ( 207624 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
     Win64 Executable (generic) (36.3%)
     Win32 Dynamic Link Library (generic) (8.6%)
     Win32 Executable (generic) (5.9%)
     OS/2 Executable (generic) (2.6%)
Tags
peexe overlay

VirusTotal metadata
First submission 2019-03-24 01:41:38 UTC ( 1 month, 4 weeks ago )
Last submission 2019-03-26 05:01:30 UTC ( 1 month, 3 weeks ago )
File names emotet_e2_2d29d3c869e14f8804b23444a6ee8b191d85cffa30f81c83d4200f027bfb3499_2019-03-24__013505.exe_
dism
DISM.EXE
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Moved files
Deleted files
Created processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs